Need to install efitools package
by Tan, Ming
Dear all:
In order to compile Celadon, you now need to install the efitools package.
In Ubuntu, run the following command to install the efitools package:
$ sudo apt-get install efitools
If the efitools package is not installed, you will get the following error:
FAILED: out/target/product/cel_apl/bootloader_policy-oemvars.txt
/bin/bash -c "device/intel/build/generate_blpolicy_oemvars -K device/intel/build/testkeys/odm -O device/intel/build/testkeys/OAK.x509.pem -B 0x0 out/target/product/cel_apl/bootloader_policy-oemvars.txt"
WARNING: can't open config file: /system/lib64/ssl/openssl.cnf
WARNING: can't open config file: /system/lib64/ssl/openssl.cnf
Traceback (most recent call last):
File "device/intel/build/generate_blpolicy_oemvars", line 261, in <module>
main(sys.argv[1:])
File "device/intel/build/generate_blpolicy_oemvars", line 229, in main
password, guid, "OAK", m.digest())
File "device/intel/build/generate_blpolicy_oemvars", line 144, in get_auth_data
name, payload_fname, auth_fname], None)
File "device/intel/build/generate_blpolicy_oemvars", line 73, in run
p = subprocess.Popen(args, stdin=subprocess.PIPE, stdout=subprocess.PIPE)
File "/usr/lib/python2.7/subprocess.py", line 710, in __init__
errread, errwrite)
File "/usr/lib/python2.7/subprocess.py", line 1327, in _execute_child
raise child_exception
OSError: [Errno 2] No such file or directory
BR/Tan Ming.
Software Engineer, SSG/OTC.
Mobile: +86 13651977713.
3 years, 8 months
Information about Celadon
by Carlo Sindico
Hi,
I'm interested in the Celadon project because I would like to install Android on an
Intel NUC.
I noticed that the repository that contains the image files has been
deleted. May I have more information about this?
Best Regards,
Carlo
3 years, 8 months
Re: [01.org Celadon] SGX support
by Mehmood, Arshad
Hi Roger,
The Trusty implementation in Celadon is missing HW backed storage support, which could prevent users from productizing their BSPs due to reduced security. Google will not issue GMS compliance due to the lack of HW backed storage. Currently, a hard coded seed value is given to Trusty at boot time, which in end products is expected to be dynamic and attached to a particular hardware instance. It would be very helpful if a HW backed storage reference implementation (seed value extraction from CSE/TPM or any other medium) were also included in Celadon. This will make end product creation easier using Celadon.
Regards,
Arshad
-----Original Message-----
From: Feng, Roger [mailto:roger.feng at intel.com]
Sent: Friday, August 24, 2018 8:32 AM
To: Stone Shi <stonexp at gmail.com>
Cc: celadon at lists.01.org
Subject: Re: [01.org Celadon] SGX support
Hi Stone,
Trusty for x86 (namely Trusty-IA) is supported and you can find the open source below. We upstream the code to Google Trusty in parallel.
https://01.org/trusty-ia
https://github.com/trusty-ia/manifest/wiki
Trusty-IA fully complies with Google Trusty. Trusty overview and API reference from Google is a good start.
https://source.android.com/security/trusty/
https://source.android.com/security/trusty/trusty-ref
The sample TAs are good "hello world" examples
https://github.com/trusty-ia/trusty_app_sample
Trusty supports Celadon project and provides the services including keymaster, emulated secure storage, crypto and others. You may start your POC there.
https://github.com/projectceladon/manifest/wiki
If you have further questions on Trusty, feel free to contact me or zachary.zou at intel.com directly.
thanks,
Roger
-----Original Message-----
From: Stone Shi [mailto:stonexp at gmail.com]
Sent: Friday, August 24, 2018 4:39 AM
To: Feng, Roger <roger.feng at intel.com>
Cc: celadon at lists.01.org
Subject: Re: [01.org Celadon] SGX support
Hi Roger,
I am working as an independent consultant. One of my clients would like to know whether that's possible for a POC. Windows 10 has a license cost, and I am not familiar with Linux GUI applications, so Android seemed a pretty good option. As I guessed, if the SGX option is not there for Android, porting will be big work.
Would you please share more information about TEE? Isn't that part of ARM, not Intel CPUs? Yes, I am interested in Trusty, please share more information.
Thank you very much.
Stone
> On Aug 22, 2018, at 10:30 PM, Feng, Roger <roger.feng at intel.com> wrote:
>
> Hi Stone,
>
> Good to know you are developing secure payment with SGX.
> Do you mind telling us what company are you working for and what's the business for this prototype? It helps us to evaluate the importance of SGX for Android support.
>
> SGX currently supports Windows & Linux. SGX for Android support is still on the way.
> You can find the SGX open source resources for Linux here https://github.com/intel/linux-sgx.
>
> As you know, SGX consists of Intel(R) SGX driver, the Intel(R) SGX SDK, and the Intel(R) SGX Platform Software (PSW).
> To support Android, these components must be ported accordingly. SGX driver and PSW are quite straightforward to port for Android.
> The key work is the SDK porting which is not a trivial task and I believe it is challenging for an end user who is not very familiar with it.
>
> Alternatively, before the SGX for Android support is available, is it possible to leverage other features or techniques to implement your POC? For Celadon, we have Trusty, a trusted execution environment (TEE), which provides the secure isolated space to run secure payment services, the secure storage with replay protection, and the keymaster service for key management. If you are interested in Trusty, we can provide you more info.
>
> Thanks,
> Roger
>
> -----Original Message-----
> From: Stone Shi [mailto:stonexp at gmail.com]
> Sent: Wednesday, August 22, 2018 1:14 AM
> To: Feng, Roger <roger.feng at intel.com>
> Cc: celadon at lists.01.org
> Subject: Re: [01.org Celadon] SGX support
>
> Thank you for getting back to me. I am looking for some prototype to protect sensitive information inside payment related application. Ideally, application has signed part of enclave and can be remotely attested. Server can push key into application and application can store all sensitive information encrypted.
>
>
>
> Stone
>
>> On Aug 20, 2018, at 9:31 PM, Feng, Roger <roger.feng at intel.com> wrote:
>>
>> Hi Stone,
>> One more thing, would you tell us what you would like to use SGX for? Then we can discuss further on your request for future.
>>
>> Thanks,
>> Roger
>>
>> -----Original Message-----
>> From: Celadon [mailto:celadon-bounces at lists.01.org] On Behalf Of Feng, Roger
>> Sent: Monday, August 20, 2018 1:47 PM
>> To: Zhang, Yanmin <yanmin.zhang at intel.com>; Stone Shi <stonexp at gmail.com>; celadon at lists.01.org
>> Subject: Re: [01.org Celadon] SGX support
>>
>> Hi Stone,
>> By now there is no plan to support SGX for Android. Hope it clarifies.
>>
>> Thanks,
>> Roger
>>
>> -----Original Message-----
>> From: Zhang, Yanmin
>> Sent: Monday, August 20, 2018 11:45 AM
>> To: Stone Shi <stonexp at gmail.com>; celadon at lists.01.org
>> Cc: Feng, Roger <roger.feng at intel.com>
>> Subject: RE: [01.org Celadon] SGX support
>>
>> +Roger.
>>
>>> -----Original Message-----
>>> From: Celadon [mailto:celadon-bounces at lists.01.org] On Behalf Of Stone Shi
>>> Sent: Monday, August 20, 2018 7:51 AM
>>> To: celadon at lists.01.org
>>> Subject: [01.org Celadon] SGX support
>>>
>>> Hi,
>>>
>>> I wonder whether it is possible to support SGX in the Celadon project. What needs to be done?
>>>
>>>
>>> Stone
3 years, 8 months
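Added example, not part of the thread and not Trusty or Celadon code: Arshad's point above about the hard-coded Trusty seed, illustrated in Python. The all-zero seed, the HKDF label and the HMAC-sealed record are constructed assumptions; Trusty's real key hierarchy does not appear on this page.

```python
import hashlib
import hmac
import os


def hkdf_sha256(ikm, salt, info, length=32):
    """HKDF (RFC 5869) extract-then-expand with HMAC-SHA256."""
    prk = hmac.new(salt, ikm, hashlib.sha256).digest()
    okm, block, counter = b"", b"", 1
    while len(okm) < length:
        block = hmac.new(prk, block + info + bytes([counter]), hashlib.sha256).digest()
        okm += block
        counter += 1
    return okm[:length]


# Constructed placeholder for a seed compiled into every image (assumption).
HARDCODED_SEED = bytes(32)


def storage_key(seed):
    # Hypothetical derivation label; not Trusty's actual key hierarchy.
    return hkdf_sha256(seed, salt=bytes(32), info=b"example-secure-storage-v1")


def seal(key, record):
    """Append an HMAC tag so the record can be integrity-checked later."""
    return record + hmac.new(key, record, hashlib.sha256).digest()


def unseal(key, blob):
    """Return the record if its tag verifies under key, else None."""
    record, tag = blob[:-32], blob[-32:]
    expected = hmac.new(key, record, hashlib.sha256).digest()
    return record if hmac.compare_digest(tag, expected) else None


def blob_portable(seed_a, seed_b):
    """True if a record sealed on device A is accepted on device B."""
    blob = seal(storage_key(seed_a), b"constructed-sample-record")
    return unseal(storage_key(seed_b), blob) is not None


if __name__ == "__main__":
    # Same baked-in seed on both devices: storage is not bound to hardware.
    print("hard-coded seed:", blob_portable(HARDCODED_SEED, HARDCODED_SEED))
    # os.urandom stands in for a per-device seed from CSE/TPM (assumption).
    print("per-device seed:", blob_portable(os.urandom(32), os.urandom(32)))
```

With the shared seed every device derives the same storage key, so a sealed record copied from one unit is accepted on another; with per-device seeds the tag check fails.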
SGX support
by Stone Shi
Hi,
I wonder whether it is possible to support SGX in the Celadon project. What needs to be done?
Stone
3 years, 8 months